Samsung clears the bug from its smartphones since 2014
By MYBRANDBOOK
Samsung has released a security patch this week that brings a critical fix for its devices. The security flaw was first brought to light by a security researcher with Google’s Project Zero team. The flaw resides in how Samsung’s version of Android OS handles the custom Qmage image format (.qmg). Samsung started supporting this custom image format on all devices released since late 2014.
Mateusz Jurczyk, a Security Researcher with Google’s Project Zero team, discovered a way to exploit the vulnerability. The vulnerability exploits how Skia (the Android graphics library) handles Qmage images sent to a device.
Jurczyk says the Qmage bug can be exploited without user interaction leading to a zero-click scenario. This happens because Android redirects all images sent to a device to the Skia library for processing without a user’s knowledge. Samsung fixes a critical bug
According to the report, the researcher developed a proof-of-concept demo exploiting the bug against the Samsung Messages app. The app included on all Samsung devices, is responsible for handling SMS and MMS messages.
Jurczyk further notes that once the Skia library is located in memory, a last MMS delivers the actual Qmage payload. It then executes the attacker’s code on a device.
The researcher also notes that the attack usually needs between 50 and 300 MMS messages to probe and bypass the ASLR. In other words, it will take around 100 minutes to execute the attack. While it might look noisy and time consuming, the researcher adds that it can be done without alerting the user.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
SECLORE TECHNOLOGY PVT. LTD.
TALLY SOLUTIONS PVT. LTD.
TEJAS NETWORKS INDIA PVT. LTD.
EXIDE INDUSTRIES LTD.
Technology Icons Of India 2023: Sachin Bansal
Sachin Bansal’s fintech startup, Navi Technologies, simplifies loan ...
Technology Icons Of India 2023: Byju Raveendran
Byju Raveendran is the founder of edutech start-up Byju’s. Raveendra...
Technology Icons Of India 2023: Ashish Kumar Chauhan
Ashish works as the CEO of the National Stock Exchange (NSE). He is al...
BEL leveraging next generation technologies to keep the country ahead in Defence space
Bharat Electronics Limited (BEL) is a Navratna PSU under the Ministry ...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
CERT-IN protecting the cyber security space of India
CERT-In serves in the area of cyber security threats like hacking and ...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...
IRIS GLOBAL SERVICES PVT. LTD.
Iris Global services is one of the leading distribution houses that d...
ADITYA INFOTECH LTD.
Aditya Infotech Ltd. (AIL) – the technology arm of Aditya Group, is ...